How Incito (a Fluxa Ventures LLC product) collects, processes, retains, and deletes the data tenants and visitors share while using the platform. Last updated April 2026.
Incito is a product of Fluxa Ventures LLC, a US limited liability company with offices at 375 Kirkland Ave, Kirkland WA 98033, and 408 Broadway, New York NY 10013. Fluxa Ventures LLC is the data controller for the marketing site at useincito.com and the joint controller / processor for tenant deployments at app.useincito.com per the Master Services Agreement signed at sign-up.
From marketing-site visitors we collect only the minimum needed to run the site and respond to the buyer journey:
From dashboard tenants we collect what is needed to run the platform: account email, billing details (handled by Stripe), API keys, knowledge-base content the founder uploads, and operational logs of the widget running on tenant sandboxes.
From widget visitors we receive only what the embedded widget sends back during a session: a session ID, page URLs visited, the buyer's typed Q&A, and (when the tenant has enabled lead capture) name + email the visitor consented to share. We do not fingerprint, track across sites, or sell data.
Under GDPR and UK DPA we rely on (a) contract for processing tenant data necessary to deliver the platform, (b) legitimate interest for security, abuse detection, and product analytics that do not identify individuals, and (c) consent for optional lead-capture forms shown by tenants on their own demos.
We use a small set of well-known sub-processors. The current list is published at support@useincito.com on request and includes (today): Stripe (billing), AWS (hosting), Anthropic (LLM inference for the agent), Voyage AI (embeddings), ElevenLabs (TTS), Postmark (transactional email).
Personal data is processed in the United States. We rely on Standard Contractual Clauses (SCCs) for transfers from the EEA / UK and offer a Data Processing Addendum (DPA) on request.
Where applicable, you have the right to access, correct, port, or erase data we hold about you, and to lodge a complaint with your local supervisory authority. Email support@useincito.com with your request — we respond within 30 days.
Data in transit is TLS 1.2+. Data at rest is AES-256. Access to production is restricted to a named on-call rotation, logged, and reviewed quarterly. We are SOC 2 Type II working toward ISO 27001 — current attestations available under NDA.
If we make material changes to this policy we will notify dashboard tenants by email and post the revised policy here at least 30 days before it takes effect.
Questions about this policy? Email support@useincito.com. For a signed DPA, write sales@useincito.com.